[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2023-31913, CVE-2023-31914, CVE-2023-31916, CVE-2023-31918,...
Chris Lamb (@lamby)
lamby at debian.org
Mon May 22 17:34:09 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
182272b5 by Chris Lamb at 2023-05-22T09:31:10-07:00
Triage CVE-2023-31913, CVE-2023-31914, CVE-2023-31916, CVE-2023-31918, CVE-2023-31919 & CVE-2023-31920 in iotjs for buster LTS.
- - - - -
1cce0841 by Chris Lamb at 2023-05-22T09:31:50-07:00
Triage CVE-2023-29659 in libheif for buster LTS.
- - - - -
e69ae8b4 by Chris Lamb at 2023-05-22T09:32:32-07:00
Triage CVE-2021-31239 in sqlite3 for buster LTS.
- - - - -
fb373eb1 by Chris Lamb at 2023-05-22T09:32:59-07:00
Triage CVE-2023-28371 in stellarium for buster LTS.
- - - - -
08ae7461 by Chris Lamb at 2023-05-22T09:33:30-07:00
Triage CVE-2023-2610 in vim for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -605,26 +605,32 @@ CVE-2023-31921 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an As
CVE-2023-31920 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
- iotjs <unfixed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5070
CVE-2023-31919 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
- iotjs <unfixed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5069
CVE-2023-31918 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
- iotjs <unfixed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5064
CVE-2023-31916 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
- iotjs <unfixed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5062
CVE-2023-31914 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memo ...)
- iotjs <unfixed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5071
CVE-2023-31913 (Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertio ...)
- iotjs <unfixed>
[bullseye] - iotjs <ignored> (Minor issue)
+ [buster] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5061
CVE-2023-2682 (A vulnerability was found in Caton Live up to 2023-04-26 and classifie ...)
NOT-FOR-US: Caton Live
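Review bot: The six added `[buster] - iotjs <ignored> (Minor issue)` lines use the same bare reason for the assertion failures and, at CVE-2023-31914, for an out-of-memory issue, and `<ignored>` records that no fix is planned. The descriptions name Jerryscript 3.0 at commits 05dbbd1 and 1a2c047, so a NOTE on each entry saying whether the JerryScript code shipped in buster's iotjs was checked against the linked upstream issue, or a more specific reason than "Minor issue", would make the decision auditable later. CVE-2023-31921 appears in the hunk header with the same description but is not in the commit's CVE list, so it is worth confirming that it already carries a buster line.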
@@ -910,6 +916,7 @@ CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pim
CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
- vim <unfixed> (bug #1035955)
[bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
CVE-2023-32216
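Review bot: The added `[buster] - vim <no-dsa> (Minor issue)` line does not say whether the fix is meant to be picked up later, even though the entry already references the upstream fix commit (v9.0.1532). If the intent is to include that commit in the next vim upload to buster, `<postponed>` with a short reason states that more directly than `<no-dsa>`; if not, a NOTE on whether the commit applies to buster's vim would help whoever prepares that upload.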
@@ -5872,6 +5879,7 @@ CVE-2023-29660
CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
- libheif <unfixed> (bug #1035607)
[bullseye] - libheif <no-dsa> (Minor issue)
+ [buster] - libheif <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libheif/issues/794
NOTE: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991 (v1.15.2)
CVE-2023-29658
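Review bot: The reason on the added `[buster] - libheif <no-dsa> (Minor issue)` line is copied from bullseye without stating the assessed impact. The description speaks of a segmentation fault caused by a floating point exception; if the triage conclusion is that the impact is limited to a crash on malformed input, putting that in the reason or in a NOTE, together with whether the referenced commit (v1.15.2) applies to buster's version, would document why no advisory is warranted.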
@@ -10257,6 +10265,7 @@ CVE-2023-28372
CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...)
- stellarium <unfixed> (bug #1034183)
[bullseye] - stellarium <no-dsa> (Minor issue)
+ [buster] - stellarium <no-dsa> (Minor issue)
NOTE: https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
NOTE: https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78
NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
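Review bot: "Minor issue" on the added `[buster] - stellarium <no-dsa>` line is a thin justification for a bug whose description says attackers can write to files. A NOTE explaining what limits the impact (for example the user interaction needed), and whether the three referenced upstream commits apply to the Stellarium version in buster, would let a later reader verify the severity call instead of taking it from the bullseye line.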
@@ -152384,6 +152393,7 @@ CVE-2021-31240 (An issue found in libming v.0.4.8 allows a local attacker to exe
CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacke ...)
- sqlite3 3.36.0-2
[bullseye] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <no-dsa> (Minor issue)
- sqlite <removed>
[buster] - sqlite <not-affected> (Vulnerable feature introduced later)
NOTE: https://www.sqlite.org/forum/forumpost/d9fce1a89b
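Review bot: The added `[buster] - sqlite3 <no-dsa> (Minor issue)` line implies buster's sqlite3 is affected, but the entry gives no evidence for that: the description names v.3.35.4, the only reference is a forum post with no fix commit, and the neighbouring `[buster] - sqlite <not-affected> (Vulnerable feature introduced later)` line shows that older code can predate the issue. Please add a NOTE recording that the vulnerable code was confirmed in buster's sqlite3, or switch to `<not-affected>` with a reason if it was not.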
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3bad6ef0e67ab188ebf61c1f75264d19de1dca4...08ae7461851678ad8afbd858fd346a5c0524dd6d